Skip to content

feat(self-hosted-sandboxes): Add Sprites self-hosted sandbox variant #411

feat(self-hosted-sandboxes): Add Sprites self-hosted sandbox variant

feat(self-hosted-sandboxes): Add Sprites self-hosted sandbox variant #411

name: Claude PR Review
on:
pull_request:
types: [opened, ready_for_review, synchronize]
paths:
- '**/*.ipynb'
- '**/*.py'
- '.github/workflows/**'
- 'pyproject.toml'
- 'uv.lock'
workflow_dispatch:
inputs:
pr_number:
description: 'PR number to review'
required: true
type: number
jobs:
pr-review:
# Only run for internal contributors (not forks) unless manually triggered
if: github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
id-token: write # Anthropic Workload Identity Federation
steps:
- name: Set PR number
id: pr-number
run: |
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
echo "number=${{ inputs.pr_number }}" >> $GITHUB_OUTPUT
else
echo "number=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
fi
- name: Checkout PR
uses: actions/checkout@v6
with:
fetch-depth: 0
ref: ${{ github.event_name == 'workflow_dispatch' && format('refs/pull/{0}/head', inputs.pr_number) || '' }}
- name: Run Claude PR Review
uses: anthropics/claude-code-action@bbfaf8e1ffe3e688f7ab65ceee78de241e24a238 # v1.0.132 (>=v1.0.130 for WIF inputs)
with:
# Anthropic auth via Workload Identity Federation — the action
# exchanges this job's GitHub OIDC token (id-token: write above)
# for a short-lived access token instead of a static API key.
anthropic_federation_rule_id: fdrl_01SqmTwzmEE547mtaYN1mqHL
anthropic_organization_id: 1ec12c5c-6542-4da8-bf2f-c15919aef01c
anthropic_service_account_id: svac_01BHcCBa1UWFvNrHMqJjuaUZ
github_token: ${{ secrets.GITHUB_TOKEN }}
prompt: |
/review-pr-ci ${{ steps.pr-number.outputs.number }}
claude_args: |
--allowedTools "SlashCommand,Task,Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr review:*),Bash(git diff:*),Bash(git log:*),Read,Glob,Grep"
env:
PR_NUMBER: ${{ steps.pr-number.outputs.number }}